Bug 456809 - PolicyKit fails to authenticate.
PolicyKit fails to authenticate.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: PolicyKit (Show other bugs)
9
All Linux
low Severity high
: ---
: ---
Assigned To: David Zeuthen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-27 11:37 EDT by Feng Yu
Modified: 2013-03-05 22:56 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-28 13:37:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Feng Yu 2008-07-27 11:37:31 EDT
Description of problem:
Selinux denied PolicyKit to perform the Admin authentication.

Version-Release number of selected component (if applicable):

PolicyKit-0.8-2.fc9
selinux-policy-3.3.1-74.fc9
How reproducible:

Always
Steps to Reproduce:
1. System->Pref->System->authorizations
2. Click show authorizations from all users
3. Type in the root password
  
Actual results:
Failed to authenticate as the admin

Expected results:
A successful authentication

Additional info:
Source:  polkit-read-autSource Path:  /usr/libexec/polkit-read-auth-helper
Port:  <Unknown>Host:  xxxxxx.dhcpxx.xx.edu
Source RPM Packages:  PolicyKit-0.8-2.fc9
Target RPM Packages:  
Policy RPM:  selinux-policy-3.3.1-74.fc9
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall
Host Name:  x.x.x.edu
Platform:  Linux x 2.6.25.9-76.fc9.i686 #1 SMP Fri Jun 27 16:14:35 EDT 2008 i686
i686
Alert Count:  880
First Seen:  Thu 10 Jul 2008 11:25:40 PM EDT
Last Seen:  Thu 10 Jul 2008 11:30:46 PM EDT
Local ID:  90d6db55-6bf6-429e-8060-60c8421582a3
Line Numbers:  
Raw Audit Messages :
host=x type=AVC msg=audit(1215747046.897:1122): avc: denied { dac_override } for
pid=3970 comm="polkit-read-aut" capability=1
scontext=system_u:system_r:polkit_auth_t:s0
tcontext=system_u:system_r:polkit_auth_t:s0 tclass=capability 

host=x type=AVC msg=audit(1215747046.897:1122): avc: denied { dac_read_search }
for pid=3970 comm="polkit-read-aut" capability=2
scontext=system_u:system_r:polkit_auth_t:s0
tcontext=system_u:system_r:polkit_auth_t:s0 tclass=capability 

host=x type=SYSCALL msg=audit(1215747046.897:1122): arch=40000003 syscall=195
success=no exit=-13 a0=bff47e7c a1=bff47cd8 a2=7284ff4 a3=bff47e7c items=0
ppid=3882 pid=3970 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=87
sgid=87 fsgid=87 tty=(none) ses=4294967295 comm="polkit-read-aut"
exe="/usr/libexec/polkit-read-auth-helper"
subj=system_u:system_r:polkit_auth_t:s0 key=(null)
Comment 1 Feng Yu 2008-07-27 12:59:26 EDT
Message from polkit-gnome-authorization with a new user:

** (polkit-gnome-authorization:6763): WARNING **: Error: code=3: uid 501 is not
authorized to read authorizations for uid 501 (requires
org.freedesktop.policykit.read)

PAM version:
pam-1.0.1-4.fc9.i386

I changed it to high because the entire policy thing is not working at all.
It may be due to the misconf of my machine but I can't find any clue.


cat /etc/pam.d/polkit
#%PAM-1.0

auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth


Comment 2 Feng Yu 2008-07-28 13:37:37 EDT
Not a bug. owner of /usr/lib/PolicyKit was mistakenly set to root:root.
Reinstalling PolicyKit with
yum reinstall PolicyKit 
solves the problem.


Note You need to log in before you can comment on or make changes to this bug.